An aspect of the invention relates to a method for connecting at least one station to a data network, a corresponding data network, and a corresponding access device.
In wired communications systems, communication takes place between interconnected subscriber stations, with switching centers (exchanges) usually being interposed between these subscriber stations. In the case of data access, particularly in such wired communications systems, connections between a subscriber station and an access network are usually controlled via a point-to-point protocol (PPP). When a connection is set up, authentication of the subscriber or the subscriber station setting up the connection takes place. This authentication may be used, among other things, as a basis for centralized accounting of accruing charges. The RADIUS protocol (RADIUS: Remote Authentication Dial In User Service) is known as suitable for purposes of authentication.
If such communications systems offer the subscriber stations, e.g. a computer or host, network access for data transfer, e.g. for Internet services, then at the time a subscriber station is installed a configuration takes place in which all settings necessary for the data access, particularly IP addresses (IP: Internet Protocol), are stored in the subscriber station. These permit the subscriber station, or the subscriber, to contact supporting services that are essential for execution of the desired data service, e.g. Internet access, as well as network components on which these run. For example, in addition to the IP address of an HTTP server, which enables an Internet page to be called up conveniently “by a mouse click”, these addresses include the address of a DNS (Domain Name Server), which ascertains the IP address associated with a unit connected to the network (service server; subscriber station), as well as the address of an SMTP server (Simple Mail Transfer Protocol), which is necessary for transmitting electronic messages, known as e-mail.
In addition to the aforementioned communications systems, there are data networks that are usually set up locally and are designed for general-purpose connection of data terminals. In the following, these data terminals are referred to as hosts, simply to differentiate them from the aforementioned subscriber stations without restrictions. Two host computers can be connected to each other, directly or via hubs and bridges, and to network devices such as an access server. Data packets are transported between a host and another network device mostly via IP (Internet Protocol).
When a host connects to a network, a local area data network (LAN) for example, the host is assigned an IP address by a connection or access server, for example via the Dynamic Host Configuration Protocol (DHCP). The IP address enables the host to be uniquely identified and addressed in the network. At the same time, the host is also informed of addresses of auxiliary services that are important to it and/or of network components on which these services are executed in this network.
A host is normally connected to a local area network by wire, although in more recent networks, the last segment of a wire-based access can be implemented wirelessly via radio. A local area network that supports the wireless connection of hosts is generally referred to as a W-LAN (Wireless Local Area Network).
For IP access, a subscriber station of a telecommunication system must be informed during installation, in advance, of the IP addresses required for a connection setup. This takes place via a software installation, prior to a first connection or connection setup with a corresponding network interface. Conversely, with a local area data network, all the necessary IP addresses can be directly assigned, automatically, for each new connection of a host to a data network. A subscriber station and a host are therefore each incompatible with the other network technology.
A further incompatibility reveals itself, for example, in the type of connection setup. On the one hand, a point-to-point connection protocol (PPP) is used between subscriber stations and the network-side data terminal devices found in telecommunications systems, known as RAS (Remote Access Servers), the point-to-point protocol being used for connection control between the actual network-specific transport protocol layers and the IP. On the other hand, this additional connection control is not required in local networks, known, among other things, as LANs (Local Area Networks), with the result that data packets, called IP packets, can be transferred directly on the underlying transport layer. The transport layer is advantageously provided by Ethernet.
Patent application EP 0 999 672 A2 discloses a system in which mobile terminals gain access to a data/IP network, for example the global Internet, via a radio access network (RAN) and a packet data serving node (PDSN) connected to the radio access network. A PPP/HDLC (Point-To-Point Protocol/High Level Data Link Control) protocol is used both in the mobile terminal and in the packet data serving node for this purpose.
WO 99/66400 A2 discloses an AAA server (Authentication, Authorization and Accounting Server) which enables different users to access a computer network by providing a plurality of transport protocol modules. The authentication, authorization and accounting is performed for all users on the basis of a database attached to the AAA server, in which the corresponding user data is stored.
U.S. Pat. No. 5,796,727 A describes a method that enables mobile computers equipped with modems to access different data communications services and participate in LANs (Local Area Networks) via a cellular telephone system.
The currently available data network technologies enable a subscriber to log in using his/her notebook computer with a radio data network card, for example, at an airport, into another data network accessible via a radio interface. This is possible because no authorization check is carried out in data networks that are designed to be open. However, the network operator can only prevent the external subscriber from accessing certain files or programs in the data network at the expense of considerable programming overhead. The programming must also be performed in different devices of the data network and in the different hosts to be protected against external accesses. Protection is only possible to a limited extent, particularly in circumstances where network-internal IP addresses are known to the host or the subscriber.